Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 622374 - www-servers/apache-2.4.26: changed behavior with SCRIPT_NAME variable and FPM
Summary: www-servers/apache-2.4.26: changed behavior with SCRIPT_NAME variable and FPM
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Lars Wendler (Polynomial-C)
URL: https://bz.apache.org/bugzilla/show_b...
Whiteboard:
Keywords: PATCH
Depends on:
Blocks: CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, CVE-2017-7679
  Show dependency tree
 
Reported: 2017-06-21 10:07 UTC by Hanno Böck
Modified: 2017-07-10 05:54 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2017-06-21 10:07:55 UTC
apache 2.4.26 has a major regression. Upstream bug report is here:

https://bz.apache.org/bugzilla/show_bug.cgi?id=61202

And there's a lengthy discussion on apache's "dev" mailing list[1].

This breaks common web applications (e.g. wordpress) in fpm setups. Thus this should be considered major. As 2.4.26 fixes a couple of security bugs this is a bit problematic, but I suggest waiting for an upstream fix before stabilizing 2.4.26.

[1] https://lists.apache.org/thread.html/3cc85e29c730e85b2ec0090aa2f27b8b244c2e503e0afae2901ef08d@%3Cdev.httpd.apache.org%3E
Comment 1 Thomas Deutschmann gentoo-dev Security 2017-07-03 11:44:20 UTC
Upstream fix: https://svn.apache.org/viewvc?view=revision&revision=1800306
Comment 2 Lars Wendler (Polynomial-C) gentoo-dev 2017-07-10 05:54:38 UTC
Should be fixed in apache-2.4.27